CVE-2024-38553

net: fec: remove .ndo_poll_controller to avoid deadlocks

Description

In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid deadlocks"). The root cause of the issue is that netpoll is in atomic context and disable_irq() is called by .ndo_poll_controller interface of sungem driver, however, disable_irq() might sleep. After analyzing the implementation of fec_poll_controller(), the fec driver should have the same issue. Due to the fec driver uses NAPI for TX completions, the .ndo_poll_controller is unnecessary to be implemented in the fec driver, so fec_poll_controller() can be safely removed.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/e2348d8c61d03feece1de4c05f72e6e99f74c650
https://git.kernel.org/stable/c/d38625f71950e79e254515c5fc585552dad4b33e patch
https://git.kernel.org/stable/c/accdd6b912c4219b8e056d1f1ad2e85bc66ee243 patch
https://git.kernel.org/stable/c/87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f patch
https://git.kernel.org/stable/c/c2e0c58b25a0a0c37ec643255558c5af4450c9f5 patch

Frequently Asked Questions

What is the severity of CVE-2024-38553?
CVE-2024-38553 has been scored as a medium severity vulnerability.
How to fix CVE-2024-38553?
To fix CVE-2024-38553, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-38553 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-38553 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-38553?
CVE-2024-38553 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.